Strategies and Tactics Taken to Handle Cyberthreat Issues and How to Manage Risk in the COVID Era

CEO Leadership Forums is committed to facilitating a strategic partnership between Valencia College, their students, and local businesses.

Business Leader looking for good employee benefits
Graphic element
Graphic element
Insurance Agent for employee benefits in Florida

Ready to take your employee experience to the next level? Discover the array of valuable perks and rewards waiting for your team with Fringe Benefits!

Strategies to handle cyberthreat issues webinar poster image

Cyber Threats! Ransomware! Protect Your Digital Assets.

Welcome to our group discussion with CEO Leaders on the risks of being hacked and preventative measures in the Covid era.
Wednesday, September 1, 2021 – 7:30AM – 10:00AM
www.ceoleadershipforums.com

Mission

CEO Leadership Forums is committed to facilitating a strategic partnership between Valencia College, their students, and local businesses in providing CEOs access to an excellent talent pool, CEO level education and Mastermind opportunities, while providing scholarships to students to advance their careers.
www.ceoleadershipforums.com

Disclaimer

Please note it is our intention to provide information as accurately as possible. Given the speed and fluidity of current events, the speakers’ comments represent best interpretations of new laws as we know them to be. Future government rulings and interpretations could change and potentially affect your own personal situation. Please continue to keep current with these changes through continual dialogue with your professional advisors.
www.ceoleadershipforums.com

Next Event:

Thursday, November 4, 2021
Time and Date TBD
Introducing our distinguished Panel of Experts

Roy Richardson Aurora – Infotech

James McQuiggan, CISSP Valencia College KnowBe4 Speaker/Moderator Casey Fernandez Ron Wilkinson HYLANT Nperspective CFO

Your Key Note Speaker

  • Security Awareness Advocate for KnowBe4
  • Adjunct Professor Valencia College Engineering, Computer Programing & Technology
  • President – (ISC)2 Central Florida Chapter
  • Member of the Trustee Board for the Center for Cyber Safety & Education
  • Security Awareness Advocate, KnowBe4 Inc.
  • Former Cyber Security Awareness Lead, Siemens Energy & Product Security Officer, Siemens Gamesa
  • Professor, Valencia College
  • President, (ISC)2 Central Florida Chapter
  • Board of Trustees, Center for Cyber Safety & Education

Security Awareness Advocate

If you discovered burglaries were occurring in your neighborhood, what would you do to protect your home?

If you discovered cybercriminals were stealing data from other organizations, what would you do to protect your organization?

I figured out Forrest Gump’s password

Ransomware

  • What is it?
  • Why does it happen?
  • How does this impact the business?
  • What to do if you’re attacked
  • Best Practices & Prevention

The New Normal in Ransomware

  • Conti, CLOP, Darkside, REvil & DoppelPaymer, & others
  • Double encryption / Double extortion
  • Exfiltrate data & extort if organizations do not pay the ransom
  • If orgs don’t pay, they target the
  • victims from the data collected
  • Triple Extortion
  • Target the patients, and customers

Timelines – Harma / Netwalker / Ryuk

  • Harma / Dharma (Crysis) -~17 minutes
  • 0:00 RDP login from 212.102.45.98
  • 0:01 Opens Task Manager (usually to see who else is logged in)
  • 0:03 Drops/runs Network Scanner (SoftPerfect)
  • 0:08 RDPs into a Domain Controller (DC)
  • 0:10 DC – Opens Task Manager
  • 0:10 DC – Drops/runs Network Scanner
  • 0:13 DC – Drops Harma ransomware on the desktop and then runs it
  • 0:17 entry point – Drops Harma ransomware on the desktop and then runs it
  • Netwalker Ransomware – 1 hour
  • Ryuk – anywhere between 2 & 29 hours

Source: thedfirreport.com

Ransomware as a Service (RaaS)

  • Designed for people who are not technical to set up attacks
  • Costs range from free to 50/50 split to 30/70 for the attacker
  • RaasBerry – tiered levels
  • All payments use Bitcoin

Phishing & Remote Access

Humans Have Always Been the Weakest Link in Security

The human layer represents a high value and probability target because the time and cost required by attackers is low
19 Source: Verizon 2020 Data Breach Investigations Report

Ransomware Is a Data Breach

  • Criminal hackers infiltrate the network
  • Install Trojans / other malware
  • Delete backups
  • Steal data before encryption
  • Hold the data for ransom
  • Leak Data, Intellectual Property
  • Public Shaming / Threatening Victim’s Customers

RANSOMWARE ATTACK!

Evaluate Your Responses

  • Decrypt it yourself Deal or No Deal
  • Negotiate or Pay the Ransom
  • Rid Your Computer of All Ransomware and Malware
  • Wipe the machine and reload
  • Possible remaining malware artifacts undetectable to EDR
  • Consider the risks of unknown remnants for future attack
  • Organizations have been known to be hit twice!

Cybersecurity Insurance

  • Too much risk, too much payout
  • Cyber Claim Adjusters > Underwriters
  • Average payout increased 10x since 2019
  • Ransomware detection > 200 days
  • Ransomware policy require secondary rider
  • MFA is required
  • 30 days to remediate vulnerabilities discovered during initial scan

Should Your Company Pay the Ransom if Attacked?

  • 15% of SMBs – this is top threat
  • 65% lose revenue
  • 53% reputation damaged
  • 32% lost a C-Suite talent • 35% paid ransom ($350k>$1.4mill)
  • 57% suffered < $50k in remediation

Question: Does the organization have the funding to cover this?

Source: Threatpost.com

Best Practices and Tips to Protect Against Ransomware

  • What it’s like for your IT Team
  • Security isn’t cheap… neither is ransomware
  • Sustainability
  • Loss of Availability Loss of Production Loss of Profits
  • Ransomware Costs

Self Reflection

  1. How well can we defend against a ransomware attack?
  2. What is the plan to detect / contain a ransomware attack?
  3. Who are you going to call post attack?
  4. How often are tabletop exercises and audit reviews of the CSIRT occurring?
  5. Do you have line items in the budget for ransomware / data breaches?

More Questions?

  • Data backups – tested & integrity
  • What is the risk level for a sensitive data leak?
  • Do you have cryptocurrency available?
  • Has the organization decided whether to pay or not?

The Ransomware Hostage Rescue Manual

Get your FREE copy of the Ransomware Hostage Rescue Manual from the KnowBe4 site.

https://www.knowbe4.com/ransomware

Know more about KnowBe4.
Contact: James R. McQuiggan, CISSP jmcquiggan@knowbe4.com @james_mcquiggan

Introducing our distinguished Panel of Experts

  • Roy Richardson Aurora – Infotech
  • James McQuiggan, CISSP Valencia College KnowBe4 Speaker/Moderator
  • Casey Fernandez HYLAND
  • Ron Wilkinson Nperspective CFO
  • Nicole McMurray – Apple One
  • Doug Forman – Fringe Benefit Plans

Should we pay the ransom?

  • Do I need to disclose the ransomware attack?
  • Can I be fired after a ransomware attack?
  • Does ransomware trigger any data breach laws?
  • Can I sue an insurance company for not paying the ransomware claim?

Thursday, November 4, 2021
www.ceoleadershipforums.com

Contact Information

James McQuiggan
KnowB4 USA
Valencia College 727-316-6739
jmcquiggan@knowbe4.com;
jmcquiggan1@valenciacollege.edu

Geoffrey Gallo, Partner
Grennan Fender CPA
407-579-5700
ggallo@grennanfender.com

Doug Foreman, President
Fringe Benefit Plans Inc
407-342-3241
doug@fbplans.com

Nicole McMurray, Regional Mgr Apple One
407-414-5007
nmcmurray@appleone.com

Roy Richardson, Principal
407-409-0275
royrichardson@aurora-infotech.com

Casey Fernandez, Client Executive
HYLANT
407-492-4248
casey.fernandez@hylant.com

Ron Wilkinson, Principal
Nperspective CFO
407-489-0088
rwilkinson@npcfo.com